# DNS Update Automation - Complete **Date**: 2026-01-09 **Script**: `scripts/update-all-dns-to-public-ip.sh` **Status**: ✅ Ready to Use --- ## Summary Created an automated script to update all Cloudflare DNS records to point to a single public IP (76.53.10.35) with DNS only mode, enabling direct NAT routing through ER605 to Nginx. --- ## Script Features ✅ **Multi-Zone Support** - Handles 4 different Cloudflare zones - sankofa.nexus - d-bis.org - mim4u.org - defi-oracle.io ✅ **Smart Record Management** - Creates new records if they don't exist - Updates existing records if they do exist - Handles duplicate records gracefully ✅ **DNS Only Mode** - Sets all records to DNS only (gray cloud) - No Cloudflare proxy (direct IP routing) - Enables NAT-based routing ✅ **Error Handling** - Comprehensive error checking - Detailed logging with colors - Summary of successes and failures ✅ **Flexible Authentication** - Supports API Token (recommended) - Supports Email + API Key (alternative) --- ## Complete Domain List (19 Records) ### sankofa.nexus Zone (5 records) 1. `sankofa.nexus` - Sankofa main website 2. `www.sankofa.nexus` - Sankofa www 3. `phoenix.sankofa.nexus` - Phoenix website 4. `www.phoenix.sankofa.nexus` - Phoenix www 5. `the-order.sankofa.nexus` - The Order portal ### d-bis.org Zone (9 records) 6. `rpc-http-pub.d-bis.org` - RPC Public HTTP 7. `rpc-ws-pub.d-bis.org` - RPC Public WebSocket 8. `rpc-http-prv.d-bis.org` - RPC Private HTTP 9. `rpc-ws-prv.d-bis.org` - RPC Private WebSocket 10. `explorer.d-bis.org` - Block Explorer 11. `dbis-admin.d-bis.org` - DBIS Admin 12. `dbis-api.d-bis.org` - DBIS API Primary 13. `dbis-api-2.d-bis.org` - DBIS API Secondary 14. `secure.d-bis.org` - DBIS Secure Portal ### mim4u.org Zone (4 records) 15. `mim4u.org` - MIM4U main site 16. `www.mim4u.org` - MIM4U www 17. `secure.mim4u.org` - MIM4U secure portal 18. `training.mim4u.org` - MIM4U training portal ### defi-oracle.io Zone (1 record) 19. `rpc.public-0138.defi-oracle.io` - ThirdWeb RPC --- ## Configuration Required ### .env File Variables ```bash # Public IP (single IP for all services) PUBLIC_IP=76.53.10.35 # Cloudflare Authentication (choose one) CLOUDFLARE_API_TOKEN=your-token-here # OR CLOUDFLARE_EMAIL=your-email@example.com CLOUDFLARE_API_KEY=your-api-key-here # Zone IDs (get from Cloudflare Dashboard) CLOUDFLARE_ZONE_ID_SANKOFA_NEXUS=your-zone-id CLOUDFLARE_ZONE_ID_D_BIS_ORG=your-zone-id CLOUDFLARE_ZONE_ID_MIM4U_ORG=your-zone-id CLOUDFLARE_ZONE_ID_DEFI_ORACLE_IO=your-zone-id ``` --- ## Usage ### Step 1: Configure .env Add the required variables to your `.env` file (see above). ### Step 2: Run Script ```bash cd /home/intlc/projects/proxmox ./scripts/update-all-dns-to-public-ip.sh ``` ### Step 3: Verify ```bash # Test DNS resolution dig sankofa.nexus +short dig secure.d-bis.org +short dig mim4u.org +short # All should return: 76.53.10.35 ``` --- ## Architecture ``` Internet → Cloudflare DNS (DNS Only) → 76.53.10.35 → ER605 NAT → Nginx (192.168.11.26:443) → Backend Services ``` **Key Points:** - Single public IP for all 19 domains - DNS only mode (no Cloudflare proxy) - ER605 NAT forwards to Nginx - Nginx routes by hostname (SNI) --- ## Path-Based Routing Some services use path-based routing (handled by Nginx): - `sankofa.nexus/api` → Routes to Sankofa API - `phoenix.sankofa.nexus/api` → Routes to Phoenix API - `secure.d-bis.org/admin` → Routes to DBIS Admin - `secure.d-bis.org/api` → Routes to DBIS API - `secure.d-bis.org/graph` → Routes to DBIS GraphQL - `mim4u.org/admin` → Routes to MIM4U Admin These are handled by Nginx configuration, not DNS. --- ## Files Created 1. **Script**: `scripts/update-all-dns-to-public-ip.sh` - Main automation script - Executable and ready to use 2. **Example Config**: `scripts/update-all-dns-to-public-ip.env.example` - Template for .env configuration - Shows all required variables 3. **Documentation**: `docs/04-configuration/DNS_UPDATE_SCRIPT_GUIDE.md` - Complete usage guide - Troubleshooting section - Verification steps 4. **Quick Reference**: `scripts/update-all-dns-to-public-ip.README.md` - Quick start guide - Domain list summary --- ## Next Steps 1. ✅ Script created and validated 2. ⏳ Add Cloudflare credentials to `.env` 3. ⏳ Add Zone IDs to `.env` 4. ⏳ Run script to update DNS 5. ⏳ Verify DNS resolution 6. ⏳ Configure ER605 NAT rules 7. ⏳ Configure Nginx on VMID 105 8. ⏳ Test all endpoints --- ## Related Documentation - Script Guide: `docs/04-configuration/DNS_UPDATE_SCRIPT_GUIDE.md` - ER605 NAT Config: `docs/04-configuration/ER605_ROUTER_CONFIGURATION.md` - Nginx Config: `docs/04-configuration/NGINX_CONFIGURATIONS_VMIDS_2400-2508.md` - Network Architecture: `docs/02-architecture/NETWORK_ARCHITECTURE.md` --- **Status**: ✅ **Script Ready - Configure and Run**